2017-06-01 09:16:18

by Jia-Ju Bai

[permalink] [raw]
Subject: [BUG] ntb: Sleep in interrupt handling

According to ntb_transport.c, the driver may sleep in interrupt handling.
The function call path is:
ntb_transport_rxc_db (tasklet_init indicates it handles interrupt)
ntb_process_rxc
ntb_async_rx
ntb_async_rx_submit
schedule_timeout --> may sleep

This bug is found by my static analysis tool and my code review.
I hope to fix it, but I do not have a good solution.

Thanks,
Jia-Ju Bai


2017-06-01 13:10:49

by Allen Hubbe

[permalink] [raw]
Subject: RE: [BUG] ntb: Sleep in interrupt handling

From: Jia-Ju Bai
> According to ntb_transport.c, the driver may sleep in interrupt handling.
> The function call path is:
> ntb_transport_rxc_db (tasklet_init indicates it handles interrupt)
> ntb_process_rxc
> ntb_async_rx
> ntb_async_rx_submit
> schedule_timeout --> may sleep
>
> This bug is found by my static analysis tool and my code review.
> I hope to fix it, but I do not have a good solution.

Thanks! There is a recovery path if ntb_async_tx_submit fails. It will do the transmission with memcpy instead of dma. So, rather than retry in ntb_async_tx_submit, just fail to the recovery path. Basically, replace the whole for(retries) loop with just txd = prep(); Would you like to work on the patch?

>
> Thanks,
> Jia-Ju Bai